39293/JEC/X2 




CLAIMS: 

1. A computer network comprising:
a first edge device coupled to a first private network, the
first edge device configured to create a first table with
information of member networks reachable through the first edge
device, the first table being stored in a first database;

a second edge device coupled to a second private network,
the second edge device configured to create a second table with
information of member networks reachable through the second edge
device, the second table being stored in a second database;

wherein the first and second edge devices enable secure
communication between the first and second private networks, and
the first edge device shares the first table with the second edge
device and the second edge device shares the second table with
the first edge device.

2. The computer network of claim 1, wherein the first edge
device includes logic for:

receiving a new route information;

storing the new route information in the first database; and

transmitting a portion of the new route information to the
second edge device.



3. The computer network of claim 2, wherein the portion
of the new route information is a route name.



4. The computer network of claim 2, wherein the second
edge device includes logic for:

receiving the portion of the new route information;

accessing the first database based on the portion of the new
route information;

retrieving the new route information from the first
database; and

storing the retrieved route information in the second
database.

5. The computer network of claim 1, wherein communication
between the first and second networks is managed according to a
security policy associated with the networks.

6. The computer network of claim 5, wherein the security
policy is defined for a security group providing a hierarchical
organization of the group, the group including member networks,
users allowed to access the member networks, and a rule
controlling access to the member networks.

7. The computer network of claim 6, wherein each member
network has full connectivity with all other member networks and
the security policy defined for the security policy group is
automatically configured for each connection.



8. The computer network of claim 6, wherein the security
policy provides encryption of traffic among the member networks
and the rule is a firewall rule providing access control of the
encrypted traffic among the member networks.



9. In a computer network including a first edge device
coupled to a first private network and a second edge device
coupled to a second private network, the first and second edge
devices enabling secure communication between the first and
second private networks, a method for gathering membership
information comprising:

creating a first table with information of member networks
reachable through the first edge device;

storing the first table in a first database;

creating a second table with information of member networks
reachable through the second edge device;

storing the second table in a second database;

sharing the first table with the second edge device; and

sharing the second table with the first edge device.

10. The method of claim 9 further comprising:

receiving a new route information;

storing the new route information in the first database; and

transmitting a portion of the new route information to the
second edge device.

11. The method of claim 10, wherein the portion of the new
route information is a route name.

12. The method of claim 10 further comprising:

receiving the portion of the new route information;

accessing the first database based on the portion of the new
route information;

retrieving the new route information from the first
database; and

storing the retrieved route information in the second
database.

13. The method of claim 9, wherein communication between 
the first and second networks is managed according to a security 
policy associated with the networks. 







14. The method of claim 13 further comprising defining the
security policy for a security policy group, the group providing
a hierarchical organization of the group including member
networks, users allowed to access the member networks, and a rule
controlling access to the member networks.

15. The method of claim 14, wherein each member network has
full connectivity with all other member networks and the security
policy defined for the security policy group is automatically
configured for each connection.



16. The method of claim 14, wherein the security policy
provides encryption of traffic among the member networks and the
rule is a firewall rule providing access control of the encrypted
traffic among the member networks.